p11tool: added --mark-no-sign and --mark-no-decrypt options

diff --git a/src/p11tool-args.def b/src/p11tool-args.def
index 88ae8b4cd737104155698b6db4dc429196a5e4e5..6009497d652c0bde5b21186d8c72767bb76fc629 100644 (file)
--- a/src/p11tool-args.def
+++ b/src/p11tool-args.def
@@ -172,6 +172,22 @@ flag = {
     doc = "Marks the object to be generated/copied with the CKA_TRUST flag.";
 };
 
+flag = {
+    name      = mark-no-decrypt;
+    disable   = "no";
+    disabled;
+    descrip   = "Marks the object to be written for no decryption";
+    doc = "Marks the object to be generated/copied with the CKA_DECRYPT flag set to false.";
+};
+
+flag = {
+    name      = mark-no-sign;
+    disable   = "no";
+    disabled;
+    descrip   = "Marks the object to be written for no sign";
+    doc = "Marks the object to be generated/copied with the CKA_SIGN flag set to false.";
+};
+
 flag = {
     name      = mark-ca;
     disable   = "no";

diff --git a/src/p11tool.c b/src/p11tool.c
index fff8542ee644c5ea73f1f038e235a2f14fc84a14..c559067fbb80055d07e03ccb097f4b2b1881f7df 100644 (file)
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -84,6 +84,14 @@ unsigned opt_to_flags(void)
                flags |=
                    GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
 
+       if (ENABLED_OPT(MARK_NO_SIGN))
+               flags |=
+                   GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN;
+
+       if (ENABLED_OPT(MARK_NO_DECRYPT))
+               flags |=
+                   GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT;
+
        if (ENABLED_OPT(MARK_CA))
                flags |=
                    GNUTLS_PKCS11_OBJ_FLAG_MARK_CA;